Here’s How Security Can Drive Automated Vehicle Innovation

As director of strategic planning and production management for Intel’s Transportation Solutions Division, one thing I am particularly excited about these days is the future of automated vehicles. Advances we’re making in connected car technologies have tremendous potential to change our lives and societies for the better. Just imagine it: zero accidents, reduced congestion in the world’s most polluted cities and mobility for all.

Here at Intel, we’ve identified three key pillars that will guide us on the road to an automated vehicle future: the car (including in-vehicle computing and human-machine interfaces, or HMIs), the cloud and data center, and the communications that connect them, specifically 5G. Paramount to each of these pillars is security.

Yet while opportunity awaits, many automakers are still struggling to fuse together automated vehicle platform security. Today’s operating systems and automotive applications can have more than 100 million lines of code, making it challenging for an automaker to ensure that software is secure. Usually, there is an expectation that software will have a defect rate of 0.75 per function point, of which some percentage will cause security vulnerabilities. Agile product life cycle methodologies allow for collective learned enhancements (like maps, traffic data, parking and enhanced visual and cognitive acuity via deep learning updates), security patches and service upgrades with secure software over the air (SOTA) updates.

 

Architecting Security


The Intel ecosystem is working to build resilient security and in-depth architecture, starting at the silicon level and extending to the operating system. Together, we’re protecting communication channels between devices and to the automotive data center for trusted software updates and secure downloads of maps and other navigational information. This fits right into what I consider to be some overall best practices for designing a secure automated driving environment. Along with that, we’re analyzing risk, combining functional safety and security teams, and architecting for requirements.

People can sometimes underestimate how broad a topic automotive security is, from initial design phases through manufacturing and production. By starting early and doing a holistic analysis, you can analyze threats and identify risks, then you can prioritize those risks and focus on hardening your architecture and solution. But it’s an industry and ecosystem challenge. No single company can solve automotive cybersecurity on its own.

 

Securing the Ride


Historically, all existing security technologies have evolved to address the threats of their time. For example, intrusion detection systems (IDS) evolved in the 1980s in response to the proliferation of viruses and worms on personal computers, and public key cryptography was invented in the 1970s to secure network communications.

Today, we are doing research into new security technology that can help protect cyberphysical systems. This new technology will allow detection of security failures and will be able to self-recover or self-heal. It will also incorporate elements of artificial intelligence to create necessary levels of resiliency.

 

Driving toward the Future


Looking ahead, we are setting new standards and defining future architectures for safe, secure transportation that spans the vehicle, communications and data center. With cross-company technology and product leadership across IoT, data center, Intel Security, Wind River Systems, Intel Labs, and our new acquisitions of Nervana, Arynga, Itseez and YOGITECH in particular, Intel is uniquely positioned to prepare automakers and suppliers for the amazing future of transportation. And with our continued commitment to scalable, end-to-end security solutions, the Intel IoT ecosystem is providing layered protection from chip to cloud for a safer tomorrow.

To learn more about the road ahead for connected transportation, visit intel.com/automotive. For more on Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit intel.com/IoT, LinkedIn, Facebook and Twitter.

 

The post Here’s How Security Can Drive Automated Vehicle Innovation appeared first on IoT@Intel.


IoT@Intel

A “common security model” against typical hazards in the IoT

Up until now individuals have generally been using a dedicated computer for work; now, however, the Internet of Things (IoT), with billions of networked devices that are for the most part not monitored by humans, presents enormous inherent security risks. The endless number and the different types of potential targets of attack in the IoT […]

The post A “common security model” against typical hazards in the IoT appeared first on IoT Now – How to run an IoT enabled business.

Blogs – IoT Now – How to run an IoT enabled business

Discover the cost of good Internet of Things security

Making sure the Canary is secure costs quite a bit.

This week’s scary IoT hack involved connected stuffed toys for children. The details of the hack show that Spiral Toys, the maker of the hacked CloudPets toy, treated security as even less than an afterthought. Not only did a contractor for the company’s app leave the buyers’ account credentials in an unsecured database, but Spiral Toys also didn’t even implement basic Bluetooth security.

This toy exemplifies the put-a-chip-in-it or put-an-app-on-it mindset that led us to where we are today. We have millions of devices that represent a fundamental security threat for users and for the internet as a whole. This is not hyperbole. This is a basic fact of life.

To get out of this mess, manufacturers have to think about how to secure a connected product from the get-go. They have to think about building a secure app, storing data securely in the cloud (and on the device) as well as basic network security and encryption of data in transit. This is not a simple task, and it should begin at the product’s inception.

Historically, consumers haven’t wanted to pay for this level of security, which meant that manufacturers didn’t add it. But forgoing security isn’t an option when you connect something to the internet. A $40 CloudPet that doesn’t have security has a cost that others will have to pay for.

Good security costs a lot. It’s not enough to secure the hardware. Supporting a cloud service and an app means that security is a daily battle, especially if the device gets popular or presents an enticing target (like a door lock).

To get a sense of what good security costs, I asked a few companies what they spent. Most didn’t want to put a number on it or detail their efforts because secrecy helps maintain their security. But a few did share some insights to show how much security for a connected device can cost.

For example, Honeywell’s new camera products that will be out later this month cost $6.33 to secure, according to the product rep whom I met on the show floor at CES. He explained that it was divided into four sections: on-chip security that authenticates each device to Honeywell’s servers, a secure boot that’s part of the chip, end-to-end 256-bit AES encryption, and a secure SD card on the device. The cameras cost $120 or $170.

Chris Rill, the CTO of Canary, an all-in-one security product, wasn’t as prepared. When I asked him about the cost of security as part of the Canary, he estimated it was around $30 over the life of the device. Part of Rill’s challenge was that Canary budgets for ongoing penetration testing and other security costs over the life of their products, which means the cost is a moving number.

August, the maker of the smart lock of the same name, didn’t want to share a specific number, but a spokeswoman emailed me the following response, “August has invested hundreds of thousands of dollars using a well known security auditing firm under retainer that does regular security audits of the August Access system and devices.”

Specific numbers aside, it’s clear that these companies are taking security into account from the beginning and throughout the life of the product. In some cases, they have had to patch vulnerabilities discovered in their products, but the key is that these companies have fixed them and allocate resources for that.

In contrast, the maker of the CloudPets product apparently knew about the database hack for well over a month and had not taken steps to fix the issue or communicate with its customers. In this case, the cost of security may have been more than Spiral Toys was willing to pay, which means the entire industry is going to pay for it instead.

 

Stacey on IoT | Internet of Things news and analysis

Secure Automated Vehicles Fuse Security With Functional Safety

I’m excited about the opportunity we have before us to lay the groundwork for safer automated vehicles, as outlined recently in U.S. President Barack Obama’s piece for the Pittsburgh Post-Gazette, “Self-driving, yes, but also safe.” I see a clear path for fully autonomous vehicles to operate safely for the protection of everyone in and around the vehicle. Of course, no one company can do this alone. A job of this magnitude takes an entire ecosystem.

In the collaborations forming around architecting automated vehicles, automakers are realizing that they must ensure functional safety at all levels — hardware, software and network — from car to cloud. That’s why I am pleased that the Intel IoT ecosystem is working within the automotive industry to shift thinking about what we do today in order to enable the autonomous future of tomorrow.

 

Functional Safety, Meet Security


We see the future as one in which the automotive industry fuses functional safety with cybersecurity. The two are interrelated and mutually dependent. Current ISO 26262 guidelines for functional safety do not fully comprehend this interrelationship. SAE J3061 has emerged as a great start to the guidelines for automotive cybersecurity; however, the industry will need to establish some framework for implementation, or a reference architecture and set of best-known methods that demonstrate this fusion of safety and cybersecurity.

When I speak with automotive industry leaders around the world, I am often surprised by the widely varying perspectives on these two topics. Some believe that functional safety considerations beyond the in-vehicle architectures are not necessary. However, in a world moving quickly to predominately connected vs. not connected vehicles, the effects of security and functional safety concepts in the automotive network infrastructure and data centers from an end-to-end consideration are paramount. Security vulnerabilities will open the doors to safety concerns. What is really needed is a secure end-to-end scalable architecture.

 

Scaling out Automated Vehicle Safety


We need partners and industry standards to scale. The Intel IoT ecosystem understands the complexity of fusing functional safety with security. From researching and developing business models with OEMs to collaborating with regulatory bodies, members of the Intel IoT ecosystem are helping guide functional safety for automated vehicles. Add to this the cybersecurity and data center expertise of Intel and you have a solid foundation for a secure end-to-end solution.

As with any nascent technology, the need for automakers to differentiate their offerings, combined with the newness of the automated driving market, is making standardization a back-burner priority. Here at Intel, we believe collaboration is the logical answer. That is why Intel remains a leader, supporter and contributor to key industry consortiums and relevant standards bodies, and we have actively contributed on both ISO 26262 and SAE J3061.

 

The Road to Autonomous


Fueled by decades of success, the Intel IoT ecosystem is paving the road ahead for the automated vehicles of the future. That is what happens when innovation and collaboration merge on the road to fully automated vehicles. Intel is a logical trusted advisor to the auto industry for safety and security — together we can make a better future.

To learn more about the road ahead for fully automated vehicles, visit intel.com/automotive. For more on Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit intel.com/IoT, LinkedIn, Facebook and Twitter.

 

The post Secure Automated Vehicles Fuse Security With Functional Safety appeared first on IoT@Intel.


IoT@Intel

As the number of hearables grows, security, privacy, and legal challenges grow with it

Opinion: Hearables are among the tens of billions of IoT devices that will be in use by the end of this decade. That volume means that no matter where you go in the near future, there will be an increasingly good chance that an IoT device will be around to hear what you say.

Hearables can be grouped into two broad categories: stationary devices such as Amazon Echo and Google Home, and wearables similar in design to a Bluetooth headset or hearing aid. Besides being able to listen, some forthcoming hearables also will have electroencephalography (EEG) technologies that analyze their wearer’s brain waves to identify what she wants or doesn’t want at a particular moment. For example, EEG would enable a hearable to know that its wearer is completely focused on a conversation, so it shouldn’t interrupt by whispering information in her ear.

Many hearables also can record what’s going on around them and then share it, such as by using a built-in cellular or Wi-Fi modem to upload it to the cloud. For example, some hearables can share conversations to enable real-time language translation. Or at the end of each workday, an employer-provided hearable could upload conversations for storage, such as because a law or company policy requires all employee-client interactions to be archived.

These and other capabilities mean that hearables come with a host of regulatory and ethical questions that everyone from businesses to lawmakers to consumers will have to ponder. Many of those questions don’t have easy, clear-cut answers simply because the technologies enable unprecedented use cases. In that respect, hearables are like driverless cars: cutting-edge technologies that are ready for market before regulators and society are ready for them.

Looking for answers in telematics

There’s another vehicular parallel: Regulators, businesses and users can look at how the telematics industry is tackling privacy, security and legality. Telematics is a broad category of IoT devices and applications that enable, for example, fleet owners such as trucking companies to remotely monitor engine conditions to identify problems before they result in breakdowns. Some insurance companies use telematics to offer policies where premiums are based on each person’s driving habits.


Businesses and regulators currently are struggling with questions such as how much driver data should be tracked and whether drivers should have a say in whether that data is shared with a third party. For example, should a ride-sharing company have the right to track its drivers at all times, or only when they’re transporting customers? Either way, should those drivers have the right to block the company from sharing their driving habits with insurance providers? And what happens if a stalker hacks in to find a particular driver’s whereabouts?

These kinds of questions have strikingly similar counterparts in hearables. For example, should employers have the legal right to monitor and record every single workplace interaction? Should hearable vendors be allowed to sell their customers’ conversations to third parties such as research firms?

In fact, when it comes to these types of legal and ethical questions, there’s already a lot of overlap between hearables and telematics. For over a decade, state and federal courts have heard cases where law enforcement used telematics systems such as OnStar to eavesdrop on conversations. The fundamental legal questions in those cases are now being applied to hearables. For example, last year, prosecutors in Arkansas subpoenaed Amazon to release information collected by an Echo device that was in a home where a murder occurred.  

Now imagine a workplace where company policy requires hearables to be listening at all times. If an employee is subject to a criminal investigation, and law enforcement finds out about that policy, it’s a safe bet that a subpoena will follow. This is just one scenario that businesses need to prepare for when deciding whether and how to use hearables.

Finally, there are cultural considerations. For example, in some countries, video surveillance is challenging because a woman can’t be photographed with a man who isn’t her husband. And probabilistic algorithms that determine damage or loss-of-life for driverless cars need to have very different cultural priors. Hearables vendors and businesses that want to use those devices will need to determine whether there are religious and societal norms that limit certain applications.

Despite all the legal and regulatory issues that are part of our hearable future, I think the technology capabilities they bring are well worth delving into and having these philosophical debates. Recent changes in the FDA’s regulatory recommendations for hearing aids and support for over-the-counter hearing devices mean that a future where a single device can give us sensory superpowers, improve our cognitive capacity, help us communicate, and make even the most mundane activities informationally richer is not far off. The hard part won’t be knowing how or when we can make use of these new devices, but when not to.

I’ll provide additional insight on this topic at the annual SXSW Conference and Festival, March 10-19, 2017. The session, Hearables and the Age of Mediated Listening, is included in the IEEE Tech for Humanity Series at SXSW.

Editor’s note: You can find out more information about the conference here.

iottechnews.com: Latest from the homepage